Solved

Office 365 Cutover Migration - Logistics and Post-Migration Strategy

Posted on 2015-01-19
23
640 Views
Last Modified: 2015-02-09
Greetings.  I'm getting ready to complete our cutover migration (using Microsoft's migration batch).

I've been told that the best way to finalize this is to switch our MX records (Autodiscover, too) on a Friday night, confirm mail routing to Office 365, then assist users on Monday morning.  I am presuming the suggestion implied that users should switch to Outlook online after the MX switch is completed (some time late Friday or early Saturday - we use Network Solutions which is pretty quick with this).

Questions:
1. We have 70 users, all with laptops, all out of the office on the weekends.  Is it preferable to actually stop MS Exchange services on our On-Premises server after the MX record switch ? When they come in Monday morning, we'll be waiting for them, but over the weekend, they may try to create messages in their current Outlook profiles vs. using their Office 365 online Outlook.

2. Once the MX record (and Autodiscover) are switched, does the migration batch still communicate with the on-premises server for incremental updates ? (this isn't really clear in any of the documentation I read). If so, and if I should let it continue for another day or so, that would preclude Question 1 above, yes ?

3. I have a password sync (third party) in place, so I don't need to maintain the on-premises server for dir sync at this time. I don't want to fully power it off though. Are there certain services I should stop right after the migration is completed that would not interfere with Question 2 above ?

Thanks much.
-Stephen
0
Comment
Question by:lapavoni
  • 13
  • 9
23 Comments
 
LVL 19

Expert Comment

by:R--R
ID: 40558667
Which Exchange server are you using on-premises.
Once you change the MX record. Run the sync again and sync the delta changes.
Once done create the autodiscover record for office 365.
Then configure outlook.
0
 

Author Comment

by:lapavoni
ID: 40558794
Exchange 2010 (SP3). Have you done a Cutover migration ? There's no manual "sync" to run. The migration batch does incremental syncs until you delete the batch. I'm hoping an expert out there knows if the incremental syncs continue after you change the MX record or if the migration batch is dependent upon the MX record (and Autodiscover) to continue doing the incremental syncs.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40559290
Incremental syncs will continue to sync after changing the MX records until you stop the batch manually.

What I normally do is stop the sync, then once it has stopped, start it again just before switching the MX records, then once it has finished the sync, change the MX records and stop inbound mail coming to your Exchange server.

You can then disable the mailboxes on your Exchange Server knowing that nothing else will arrive, remove the Autodiscover virtual directory using Exchange Management Shell and then setup the local users mailboxes and that will stop users from trying to send new emails out.

Come Monday you can help them configure Outlook for 365 knowing that DNS will have replicated and Autodiscover will find 365 and not your server.

Any mobiles can be changed on the Monday or over the weekend if people need to continue to email, but using 365 not your Exchange server.
0
 

Author Comment

by:lapavoni
ID: 40559942
Excellent, Alan. Thank  you. I understand every suggestion except:  " ... and then setup the local users mailboxes".  Not sure what you mean there.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40559972
Sorry - I meant configure Outlook for the 365 accounts on the users laptops - but then after I wrote that I re-read your question and saw that the users are remote and forgot to remove that bit!

So basically - once you have disabled their Mailboxes (DON'T Delete them as that will delete the mailbox AND the AD account), Outlook on their computers won't work - or at least it will, but they may try to send emails and they will sit in their Outboxes.

You will have to remind them all NOT to send out emails after a specific time (after you have disabled their mailboxes) or their messages won't send and will be lost!
0
 

Author Comment

by:lapavoni
ID: 40560147
I've done many "remove-mailbox -permanent" stuff, but that's a good reminder :-)

Since they have cached profiles, there's really no way to prevent them from sending, other than good communication before the switch. I was hoping otherwise, but that will have to do.

Thanks much.
0
 

Author Closing Comment

by:lapavoni
ID: 40560149
Outstanding advice. Thank you much.

-Stephen
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40560159
No amount of reminding them not to will prevent them from trying - they are users and we all know what they are like ;)

A lot of mail servers will pick up on the MX changes quite quickly but cutting off mail-flow to your server usually makes sure that nothing will get missed and give you / your users a headache.

If you get stuck anywhere whilst making the switch - just post another comment and I'll hopefully not be too far away.

Alan
0
 

Author Comment

by:lapavoni
ID: 40560170
Thank you much. I've got a team of two "helpers" in the office to create user profiles (probably Feb. 9th.) for about 50 users. I'd estimate about 10-12 will be on the road or in home offices, so I think it should go well.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40560183
No probs - always good to not be alone.  Happy to be a 3rd helper (if you need it).

We have a few hours difference between us (I'm in the UK) but that's never been an issue before.
0
 

Author Comment

by:lapavoni
ID: 40563647
Alan, since I do have your expert ear :-), I have one question for you re: public folders.  We have 19 public folders, 2 of which are calendars (Exchange 2010 SP3). I manually created these in Office 365. There really is not much content in them, with the exception of our Staff Out of Office calendar. My plan was to export each one to a PST and simply import the content back from my Outlook client.  Regarding the calendar-type ones, do I change the content type for the folder first ? Or if I do an import, does the folder know from the import to display calendar content ?  Thanks.
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40563804
I would change the type first - just to err on the side of caution.  Default is Mail and I've not tried importing calendar items to a default folder before to see what happens!
0
 

Author Comment

by:lapavoni
ID: 40595266
Hi Alan.  I'm in the midst of my cutover migration.  All is well so far.  I am afraid I might have done something out of order, though.  I changed the Autodiscover in DNS along with our MX records.  I'm not sure if the incremental sync relies on autodiscover pointing to our on-premise Exchange server.  If that is indeed the case, then I'll have a few upset employees missing one day's worth of e-mail.  In the rare chance you're awake, feel free to comfort me or break the bad news.

Thanks much.
-Stephen
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40595600
As long as you don't stop the sync, you should be fine.  I have seen the sync complain though once Autodiscover has been changed, but as long as it is syncing, then it should continue because it doesn't have to find the place to sync with.

Hopefully I'm not talking rubbish here!!
0
 

Author Comment

by:lapavoni
ID: 40595622
It wound up choking on every user. I called MS. We stopped the batch and restarted and that seemed to do the trick. One user had a sync fail and another had a name mismatch because I changed the login name. Of course it was our CEO. Neither had much mail from yesterday, so I just exported to PST and imported.

Thanks.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40595739
Ouch!  Why is it always the key players??

Ah - the old restart the batch file trick!!

Hope it's all plain sailing from now on.

Alan
0
 

Author Comment

by:lapavoni
ID: 40596480
But wait, there's more !  Now my mail-enabled public folders can't accept email from external senders. I guess Microsoft beefed up security a while back to reject all anonymous posting to public folders. I followed the supposed fix to change permissions for anonymous to "Contributor", but that didn't work. I've read that changing the Accepted Domain from Authoritative to Internal Relay should fix the problem, but I don't know if that's a good idea, as it then doesn't check for valid recipients, right ? What are your thoughts ? I'm awaiting a call from MS again. They haven't harmed anything, but haven't been overly helpful either :-)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40596713
Yep - they tweaked some settings.

You need Powershell to run the following command (per email-enabled Public Folder):

Add-PublicFolderClientPermission -Identity "\My Public Folder Name" -User Anonymous -AccessRights CreateItems
0
 

Author Comment

by:lapavoni
ID: 40596999
I tried that, to no avail.  It turned out that I did need to change the Accepted Domain type to Internal Relay.  All seems well.  Thanks for your replies and suggestions, Alan.  You're a nice Expert :-)
0
 

Author Comment

by:lapavoni
ID: 40597039
Hmmm, Microsoft has a lot of chicken-or-egg issues here.  I solved the mail-enabled PF issue by changing to Internal relay.  However ... now when an e-mail is sent to a non-existent user, the NDR shows up as:

Remote Server returned '554 5.4.14 Hop count exceeded - possible mail loop ATTR1'

With the entire loop in the message.  Not a show-stopper, but not helpful for outside senders :-(
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40597329
Why would you have to change the accepted domain to Internal Relay - that doesn't make any sense!?!?!?

Pretty sure that the permissions was all that needed changing for our customers that faced the same issue.

Always happy to help :)
0
 

Author Comment

by:lapavoni
ID: 40597349
I read that also, but for many users even the Anonymous permission fix doesn't work.  Since Internal Relay allows e-mails to addresses that are not AD "recipients" ... i.e. not Edge Blocked, they allow public folder e-mail addresses to receive external messages.  I know, it's crazy, but that fix worked.
0
 

Author Comment

by:lapavoni
ID: 40600106
I think I can sleep now :-). We created new Outlook profiles for about 90% of our users today. No problems at all with that. The only unexpected thing today was a weird one - a public folder calendar that I manually imported from PST changed the "last modified by" note on each appointment to Me :-)  so no one can delete their existing entries. I could give everyone full permission, but would rather avoid that. Not really a big deal.

So I'm managing all mail users, proxies, etc. in the online Exchange Admin center .... or via power shell. I'm using a third party utility to synchronize passwords.  Question: is there any reason to maintain my on-premises Exchange server ?  I know if I were using ADSync and I removed disabled the users' Exchange accounts, I'd lose their SMTPs and proxy addresses, right ? But since I'm not doing that, I can eventually decommission the a Exchange 2010 server.  Should I not disable the Exchange accounts and  simply power off the server ?

Thanks.
Stephen
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Suggested Solutions

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now